This worked fine originally in my conf.php:
Code: Select all
// LDAP settings
define('USE_LDAP', true);
define('LDAP_SSL', false); // set to true if using LDAP with SSL encryption
define('LDAP_HOST', 'xxx.xxx.xxx.xxx');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=mydomain,DC=com');
define('LDAP_USER', 'administrator@mydomain.com');
define('LDAP_PASS', '**********');
define('LDAP_SITE', 'default');
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', false);
Code: Select all
// LDAP settings
define('USE_LDAP', true);
define('LDAP_SSL', false); // set to true if using LDAP with SSL encryption
define('LDAP_HOST', 'xxx.xxx.xxx.xxx');
define('LDAP_PORT', '389');
define('LDAP_PROTOCOL_VERSION', 3);
define('LDAP_DN', 'DC=mydomain,DC=com');
define('LDAP_USER', 'administrator@mydomain.com');
define('LDAP_PASS', '**********');
define('LDAP_SITE', 'Default-First-Site-Name');
define('LDAP_FILTER', 'sAMAccountName=%s'); //%s will be replaced by username eg. 'mail=%', 'mail=SMTP:%s', 'sAMAccountName=%s'
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'proxyaddresses');
// The value of the LDAP_USERNAME_FIELD will be extended by LDAP_BIND_PREFIX and LDAP_BIND_SUFFIX to created the binding username.
define('LDAP_USERNAME_FIELD', 'sAMAccountName');
define('LDAP_BIND_PREFIX', '');
define('LDAP_BIND_SUFFIX', '');
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', false);
- Disabled Modsecurity (I saw another LDAP-related thread where Modsecurity was causing problems)
- Changed LDAP_SITE. I'm not sure what this is, my original config just had 'default', I have also tried 'default-first-site-name' and 'Default-First-Site-Name' with no luck. Somewhere in Apache Active Directory Studio I saw a reference to 'Default-First-Site-Name', so that's what I've been using for now. I have no idea whether or not it's case-sensitive.
- Toggled LDAP_MS_AD_COMPATIBILITY (not sure what that does)
- Toggled LDAP_EMAIL_FIELD. I've used Apache Active Directory Studio and I can see both mail entries and proxyaddresses. There are other "otherMailbox" entries for aliases, but I was used to adding aliases manually before the update, I'm not too concerned about those. I've tried using both 'mail' and 'proxyaddresses', neither one has worked for me.
- Changed LDAP_USERNAME_FIELD. By default it was cn, but on my server that seems to be the Display Name of the user. sAMAccountName just shows the username, and userPrincipalName has the username followed by '@MYDOMAIN.COM' (in all caps). I tried changing LDAP_USERNAME_FIELD to 'userPrincipalName' and LDAP_BIND_SUFFIX to '@MYDOMAIN.COM', but this still hasn't worked.